Compliance with ArangoDB
If you are considering using ArangoDB as your graph database solution to store your sensitive data, rest assured that ArangoDB offers many solutions to meet your industry standards. ArangoDB has the necessary measures to ensure your data’s privacy and security, including Authentication, Authorization, Data Masking, Encryption 360, and Auditing.
Safeguarding sensitive user data is of utmost importance today. We are SOC 2 Type 2 compliant and follow international standards such as the EU’s GDPR and, in the United States, California’s CCPA. Many companies also need to meet industry standards such as the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI).
Encryption 360
Encryption is a critical safeguard that ensures the security of the data and prevents outside users from accessing it by monitoring traffic or intercepting data in transit. ArangoDB has you covered, keeping your data encrypted at all times using three different methods: Encryption at Rest, Encryption in Transit, and Encrypted Backups.
Auditing
In terms of both compliance and forensic analysis of data breaches, auditing is an important tool. ArangoDB Audit Logs provide an irrefutable record of actions taken, whether they are generated by a database, directory, or operating system.
Read more about the ArangoDB Enterprise Security Features
Data Masking
The data masking feature provides a convenient way to extract sensitive production data while masking critical information that should not be exposed. This includes names, birthdays, credit card numbers, addresses, emails, or phone numbers.
The Community Edition of ArangoDB already supports the random string masking function, which masks data with an anonymized string of random length. Enterprise Edition users have the option of taking this a step further with Enhanced Data Masking functions. The Enterprise Edition offers more masking types and more masking settings, making it possible to keep the data structure when creating obfuscated data exports.
LDAP-powered Authentication
Authentication establishes the identity of all users accessing the database. Each user attempting to enter the system must be appropriately identified to determine their role and ability to access the database. The ArangoDB LDAP Server feature available in ArangoDB Enterprise is the solution to this problem.
Authorization
Once the user is authenticated in the LDAP server, ArangoDB offers two methods for authorization: (a) “roles attribute” and (b) “roles search”.
SOC 2, GDPR, and CCPA Compliance
Data protection should be a top priority for many applications today. Therefore, it is critical that your database has the features to help you reach full compliance with regional data processing regulations.
ArangoDB is committed to keeping your data safe, which is backed by our SOC 2 Type 2 certification.
In 2018, the General Data Protection Regulation (GDPR) came into effect in the EU. Any organization inside or outside the EU must be GDPR compliant if it stores, uses, secures, or transmits EU residents’ personal data. California recently passed the California Consumer Privacy Act (CCPA) to regulate the collection, use, and protection of personal data.
ArangoDB has you covered, ensuring that applications built with ArangoDB maintain GDPR and CCPA compliance by meeting key privacy and security requirements. While the Community Edition provides some basics for compliance, the ArangoDB Enterprise Edition provides everything out of the box. These additional security capabilities are what will ensure you can build fully GDPR- and CCPA-compliant applications.
If you are interested in more details or require access to the ArangoDB SOC 2 report, please contact soc2@arangodb.com.
HIPAA Compliance
The Health Insurance Portability and Accountability Act (HIPAA) is a law passed in 1996 by the US Congress that sets standards and protocols for the protection of patient data in the healthcare industry. It states that personal patient data must be appropriately safeguarded and privacy sufficiently maintained.
ArangoDB provides all the features necessary on the database side to build fully HIPAA-compliant applications.